With this week’s announcement of Akamai CLI 1.0 as a part of the 2018 Spring Release, now seems like a great time to highlight new functionality for Akamai CLI. First, a bit of background on this one:
In order to secure origin infrastructure, many companies opt to disallow all traffic to origin at the firewall except for traffic coming from known Akamai edge server IP addresses. However, as the list of active IP addresses changes over time, origin firewall rules must always be kept up to date to ensure optimal performance.
Today, this constantly updated IP address list is available manually in the Akamai Luna Control Center portal, where users can view and download the latest list of active IP addresses and CIDRs.
But now, there’s an even better way: With the new Akamai CLI for Firewall Rules, these actions can be invoked using the command line, making it quick and easy to access this information and integrate it into any flexible workflow.
Additionally, Akamai Site Shield functionality is available as part of the Firewall Rules package for customers who have the Site Shield product. With Site Shield commands, users can view their list of maps, IP addresses, and CIDRs, and acknowledge any pending updates.
The available CLI commands are below (see the Github repository for full details):
Firewall Rules list-services - List all firewall rules services available list-subscriptions - List current subscriptions subscribe - Subscribe to a firewall rules service unsubscribe - Unsubscribe from a firewall rules service list-cidrs - List the CIDRs for current subscription or a specific firewall rules service
Site Shield list-maps - List available Site-Shield maps. list-cidrs - List the CIDRs for current subscription or a specific firewall rules service acknowledge - Acknowledge a pending Site-Shield map update.
If you don’t yet have Akamai CLI installed, first follow the installation instructions here (available for macOS, Linux, and Windows). Once you’re up and running, installing the Akamai CLI for Firewall and siteshield is simple, using
$ akamai install firewall
Ensure your API credentials have Firewall Rules Notification and Site Shield API grant access, and then you’ll be off and running. By default, Akamai CLI for Firewall Rules uses the [firewall] credential section and the [site-shield] credential section in your .edgerc file.
Once installed, usage is simple after running setup:
$ akamai firewall list-services
$ akamai firewall list-subscriptions
$ akamai firewall list-cidrs
$ akamai site-shield list-maps
...and so on.
We’re excited to have you try out this new release; we hope Akamai CLI for Firewall Rules will be a useful tool to incorporate into your workflow and help automate the management of Akamai IPs at your origin infrastructure.
Vreddhi Bhat is a senior solutions architect at Akamai Technologies.